Privacy Policy ClassSync App

ClassSync & ClassSyncTeacher

DONGSEO is committed to protecting the freedom and rights of the information subject. We comply with the ‘Personal Information Protection Act’ and related laws, and manage personal information safely and legally. In accordance with Article 30 of the ‘Personal Information Protection Act’, we guide the information subject on the procedures and standards for personal information processing. We have established and disclosed a personal information processing policy to ensure that complaints related to this can be handled quickly and smoothly

This privacy policy will be applied from August 1, 2022

Scope of Microsoft 365 API Usage in the ClassSync

  1. Allows the app to read the profile of the signed-in user
  2. Allows the app to read and write all users’ full profiles
  3. Allows the app to read and write all applications
  4. Allows the app to have the same access to directory data as the signed-in user
  5. Allows the app to read and write directory data
  6. Allows the app to create, read, update, and delete teamwork tags
  7. Allows the app to read and write all team settings
  8. Allows the app to read and write calendars
  9. Allows the app to read and write all places
  10. Allows the app to read and write all groups

Scope of Microsoft 365 API Usage in the ClassSyncTeacher

  1. Allows the app to read the profile of the signed-in user
  2. Allows the app to read and write files in the signed-in user’s OneDrive
  3. Allows the app to read the names and descriptions of teams
  4. Allows the app to read the names and descriptions of channels
  5. Allows the app to read all files the signed-in user can access

Scope of Google API usage in the ClassSync

  1. Google Login: Verify the email address of the basic Google account, view personal information (including personal information set to public)
  2. Google Workspace Administrator: View and manage customer domain provisioning, view and manage organizational units in the domain, view and manage domain user provisioning
  3. Classroom: Verify, modify, create, and permanently delete my Google Classroom classes, manage Google Classroom class attendance
  4. Google Calendar: Create and manage in Google Calendar based on the academic calendar and class timetable dataset provided by Open DataSet
  5. Buildings and Resources: Create and manage buildings and resources based on the timetable classroom dataset provided by Open DataSet

ClassSync : Sharing Google user data with third-party AI platforms

  1. For account integration, you can register the ID, surname, and name obtained from Google user data in restricted and sensitive scopes as school accounts in Microsoft 365 and Whalespace
  2. You can register the ID, surname, and name obtained from Microsoft 365 user data as school accounts in Google Workspace and Whalespace

Scope of Google API usage in the ClassSyncTeacher

  1. Google Login: Verify the email address of the basic Google account, view personal information (including personal information set to public)
  2. Google Drive: View and Download Google Drive Files

ClassSyncTeacher : Sharing Google user data with third-party AI platforms

  • The ClassSyncTeacher app can download data from OneDrive and Google Drive to the user’s device and upload it to a new Microsoft 365 OneDrive account.

ClassSync and ClassSyncTeacher clarify that user data obtained through the Google Workspace API is not used to develop, improve, or train generalized artificial intelligence (AI) and machine learning (ML) models. Customer data is used solely for the purpose of providing the service

The ClassSync app provided by DONGSEO complies with the Google API Services User Data Policy, including the Limited Use requirements, when transmitting or using information collected through the ClassSync and ClassSyncTeacher Google APIs with other apps ( https://developers.google.com/terms/api-services-user-data-policy#additional_requirements_for_specific_api_scopes )

Article 1 (Purpose of Personal Information Processing)

  • DONGSEO processes personal information for the following purposes. The personal information being processed will not be used for purposes other than the following, and if the purpose of use changes, we plan to take necessary measures such as obtaining separate consent in accordance with Article 18 of the ‘Personal Information Protection Act
  1. Membership Registration and Management We process personal information for the purpose of identifying and authenticating individuals in accordance with the provision of membership services, maintaining and managing membership qualifications, preventing unauthorized use of services, and various notifications and notifications.
  2. Provision of Goods or Services We process personal information for the purpose of providing services, sending contracts and invoices, and providing customized services.”

Article 2 (Processing and Retention Period of Personal Information)

  1. DONGSEO processes and retains personal information within the personal information retention and use period stipulated by law or the personal information retention and use period agreed upon when collecting personal information from the information subject.
  2. The processing and retention period for each personal information is as follows: ① ClassSync Apps Usage Registration Personal information related to the ClassSync apps usage registration is retained and used for the above purpose from the date of consent to collection and use until it is semi-permanent. Retention basis: ‘Retention and use period’ agreed upon by the information subject Retention purpose: Management of ClassSync apps subscription records, confirmation of free license provision

Article 3 (Items of Personal Information to be Processed) 

  • DONGSEO processes the following items of personal information: ① Provision of goods or services Required item: Email address used for ClassSync apps registration

Article 4 (Procedure and Method for Destruction of Personal Information)

  1. DONGSEO destroys the relevant personal information without delay when personal information becomes unnecessary due to the expiration of the personal information retention period or the achievement of the processing purpose.
  2. If the personal information retention period agreed upon by the information subject has expired or the processing purpose has been achieved, but personal information must continue to be preserved according to other laws, the relevant personal information is moved to a separate database (DB) or the storage place is changed to preserve it.
  3. The procedure and method for destroying personal information are as follows: ① Destruction procedure DONGSEO selects personal information for which a reason for destruction has occurred, and destroys the personal information with the approval of the personal information protection officer of DONGSEO. ② Destruction method DONGSEO destroys personal information recorded and stored in electronic file format so that the record cannot be reproduced, and personal information recorded and stored in paper documents is destroyed by shredding or incineration

Article 5 (Rights and Obligations of the Information Subject and Legal Representative, and How to Exercise Them)

  1. The information subject can exercise the right to request access, correction, deletion, and suspension of processing of personal information from DONGSEO at any time.
  2. The exercise of rights can be done through written, email, facsimile (FAX), etc. to DONGSEO in accordance with Article 41, Paragraph 1 of the ‘Personal Information Protection Act’, and DONGSEO will take action without delay.
  3. The exercise of rights can also be done through a representative such as a legal representative or a person who has received a delegation from the information subject. In this case, you must submit a power of attorney according to Form No. 11 of the ‘Notice on Personal Information Processing Method (No. 2020-7)’.
  4. The request for access to personal information and suspension of processing may be limited by the rights of the information subject under Article 35, Paragraph 4, and Article 37, Paragraph 2 of the ‘Personal Information Protection Act’.
  5. The request for correction and deletion of personal information cannot be requested if the personal information is specified as a collection target in other laws.
  6. DONGSEO verifies whether the person who made the request for access, correction, deletion, and suspension of processing according to the rights of the information subject is the person himself or a legitimate representative

Article 6 (Measures to Ensure the Safety of Personal Information) DONGSEO is taking the following measures to ensure the safety of personal information

  1. Minimization and Training of Personal Information Handling Staff We have designated employees who handle personal information and limited them to responsible persons to minimize and manage personal information.
  2. Establishment and Implementation of Internal Management Plan We have established and implemented an internal management plan for the safe processing of personal information.
  3. Encryption of Personal Information The user’s personal information and password are encrypted and stored and managed, so only the individual can know. For important data, we use separate security functions such as encrypting files and transmission data or using a file lock function.
  4. Restriction of Access to Personal Information We are taking necessary measures for access control to personal information by granting, changing, and deleting access rights to the database system that processes personal information, and we are controlling unauthorized access from the outside using an intrusion prevention system.
  5. Access Control for Unauthorized Persons We have a separate physical storage place where personal information is stored, and we have established and operate an access control procedure for it

Article 7 (Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)

  1. DONGSEO uses ‘cookies’ to store and retrieve usage information in order to provide individualized customized services to users.
  2. Cookies are a small amount of information that the server (http) used to operate the website sends to the user’s computer browser, and it can also be stored on the hard disk of the user’s PC. ① Purpose of using cookies: Cookies are used to understand the visit and usage patterns of each service and website visited by the user, popular search terms, whether secure access is possible, etc., to provide optimized information to the user. ② Installation, operation, and rejection of cookies: You can refuse to store cookies through the option settings in the Tools > Internet Options > Privacy menu at the top of the web browser. ③ If you refuse to store cookies, you may have difficulty using customized services

Article 8 (Matters concerning the Personal Information Protection Officer)

  1. DONGSEO is responsible for overseeing the work related to personal information processing, and has designated a Personal Information Protection Officer as follows to handle complaints and remedy damages related to personal information processing.
  2. Personal Information Protection Officer Name: SHIN HONG JOO | Position: Representative | Rank: Representative Contact: hjshin@dongseo.com ※ You will be connected to the department in charge of personal information protection.
  3. Department in charge of personal information protection Department Name: Development Team | Person in Charge: SHIN HONG JOO Contact: hjshin@dongseo.com
  4. Information subjects can inquire to the Personal Information Protection Officer and the department in charge about all matters related to personal information protection that occur while using the services (or business) of DONGSEO. DONGSEO will respond and handle your inquiries without delay

Article 9 (Department Receiving and Processing Requests for Access to Personal Information)

  • According to Article 35 of the ‘Personal Information Protection Act’, the information subject can request access to personal information to the department below. DONGSEO will strive to ensure that requests for access to personal information are processed promptly. ‣ Department receiving and processing requests for access to personal information Department Name: Development Team | Person in Charge: SHIN HONG JOO Contact: hjshin@dongseo.com

Article 10 (Remedies for Infringement of Rights of Information Subjects)

  1. Information subjects can apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Infringement Report Center, etc. for remedies due to personal information infringement. For other reports and consultations on personal information infringement, please contact the following institutions. ① Personal Information Dispute Mediation Committee: (without area code) +82-1833-6972 ② Personal Information Infringement Report Center: (without area code) +82-118 ③ Supreme Prosecutors’ Office: (without area code) +82-1301 ④ National Police Agency: (without area code) +82-182
  2. DONGSEO is committed to ensuring the self-determination rights of the information subject and strives for consultation and remedy for personal information infringement. If you need to report or consult, please contact the department in charge below. ‣ Customer consultation and reporting related to personal information protection Department Name: Development Team | Person in Charge: SHIN HONG JOO Contact: hjshin@dongseo.com
  3. Those who have been infringed on their rights or interests due to the disposition or omission by the head of a public institution in response to the request under the provisions of Article 35 (Access to Personal Information), Article 36 (Correction and Deletion of Personal Information), and Article 37 (Suspension of Processing, etc.) of the ‘Personal Information Protection Act’ can request an administrative trial in accordance with the Administrative Litigation Act. ※ For more information on administrative trials, please refer to the website of the Central Administrative Appeals Commission

Article 11 (Changes to the Personal Information Processing Policy)

  • This personal information processing policy will be applied from January 2, 2023. You can check the previous personal information processing policy below.
  1. February 26, 2024: Compliance with Google API Services User Data Policy, addition of Google API usage scope content.
  2. February 28, 2024: Addition of content sharing user data with third-party AI platforms in the ClassSync apps.
  3. March 4, 2024: Addition of content sharing user data with whalespace account in the ClassSync apps.
  4. June 6, 2024: Addition of Google API usage scope (Calendar, Building, Resource)
  5. July 13, 2024: Addition of Microsoft 365 API Usage scope
  6. October 31, 2024: Addition of Google API usage scope and third-party AI platform data sharing with user data in the ClassSyncTeacher app.
  7. November 11, 2024: ClassSync and ClassSyncTeacher specify the scope of user data that is not used through the Google API.